2014 LENOVO. All rights reserved.media.lenovo.ru/Files/_Products/SERVERS_and... · Supported Systems 3rd thand 4th generation ThinkServer Except TS130, TS140, RS140 5 generation ThinkServer

2014 LENOVO. All rights reserved.

2

Introduction

– What‘s new in this offering

– Value proposition

– Positioning and product support

Capabilities

– Features summary

– TMM vs TSM

– Support for 3rd party management consoles

What to Sell

Additional resources

System Status Monitoring and Error Reporting

Sensor Coverage

Configuring Platform Event Filters

Configuring TSM

Network Configuration

Security Features

User Authentication

Inventory and FRU Reporting

Updating

Power Management


ThinkServer System Manager

Architecture and Management Interfaces

Network Connections

Management Interfaces

– Web Server

– Virtual Console

– Virtual Media

– IPMI

– DCMI

– PowerShell CLI

– SMASH

– Serial Console Redirection

– SNMP


4

New …

– Completely redesigned systems management subsystem for fifth-generation ThinkServer systems

– Browser-based GUI

– HTML5 – suitable for mobile devices and tablets

– Easy to navigate user interface to quickly view system conditions

– PowerShell CLI provides increased flexibility and scripting capabilities

… and Improved

– Sensor coverage

– FRU inventory coverage and reporting

Includes

– Comprehensive system level monitoring and alerting

– Power monitoring and management controls supporting Lenovo Energy Manager

– Advanced authentication and security features

– Dedicated or shared network port

ThinkServer System Manager Premium adds remote access with Virtual Console and Virtual Media, and activates ThinkServer Energy Manager license


Introducing ThinkServer System Manager

5

Fully featured management solution built on open industry standards

Reduce TCO by increasing server administrators‘ productivity –

– Remotely perform most functions that otherwise require a visit to the server

Increase overall server availability

Operates independently of server

– Operational regardless of system‘s state (e.g. server is powered off, or an operating system is not installed or is not functioning)


Proven Value of Server Management with TSM

6

As part of any server systems management infrastructure, and for:

– Remote branches

– Limited access datacenters

– Customers where single remote control capability is required

Addresses key system management concerns:

– Low cost support to heterogeneous environments

– Full remote management capability

– Supports remote deployment, dynamic allocation

Available in all Lenovo 5th generation ThinkServer racks and towers


TSM Positioning and Product Support

Small

Business

Remote

Offices

Medium

Business Enterprise /

Datacenter


8

Access

– Industry-standard interfaces and protocols

– IPMI 2.0

– DCMI 1.0

– SMASH-CLP

– WS-MAN

– SNMP v3 (Gets only)

– Secure HTML5 Web Browser GUI

– Serial Port Redirection

– IPMI Serial over LAN

– Server console redirection via Telnet, SSH

– PowerShell CLI

Networking Protocol Support

– ARP, DHCP, DNS, HTTP, HTTPS, ICMP, LDAP, LDAPS, SMTP, SNMP (Traps), SNMP v3 (Gets only), SNTP, SSL, SSH, VLAN, NTP, SLP, Telnet,

– IP address, Host name, Subnet mask, Gateway

– Network Port Reassignments

Monitoring and Alerting

– Access to critical server settings

– Continuous health monitoring and control

– System Watchdog Timers – POST, OS heartbeat

– Automatic out-of-band notification and alerts

– Configurable PEF / PET Traps (IPMI Style)

– SNMP Traps

– SMTP (eMail)

– CIM indications

– Event logs

– IPMI System Event Log (SEL) – Time stamped events; Human Readable via the Web Interface and BIOS

– Extended SEL log for additional related information from SEL

– Audit log for administrative events

FRU monitoring available thru Web I/F, IPMI, PowerShell CLI, WS-MAN, SMASH-CLI

Remote power control (on / off / power cycle / shutdown / reset)


TSM Features Summary

Security

– Enterprise class security access protocols such as SSL, SSH, RMCP+

– User authentication and role based privileges supported through local accounts or secure connection to LDAP or Active Directory

– Firmware Firewall

Remote platform firmware updating with BIOS and TSM recovery to last known good image

Boot sequence manipulation (via IPMI)

Configurable via Web, PowerShell CLI, IPMI, WS-Man, SMASH-CLI

Save and Restore configuration to a file

Remote Presence (with TSM Premium)

– Remote Keyboard, Video, Mouse (KVM)

– Remote Media: CD-ROMs (USB, SATA); DVD-ROMs (USB, SATA); USB mass storage devices; ISO images; IMG images (create from local folders)

ThinkServer Energy Manager enablement (with TSM Premium)

– Captures power data, provides closed-loop controls to limit maximum power consumed

9

Capability ThinkServer Management Module ThinkServer System Manager

Supported Systems 3rd and 4th generation ThinkServer Except TS130,

TS140, RS140

5th generation ThinkServer

Supported Standards IPMI version 2.0

DCMI 1.0 (2P racks only)

SMASH-CLI (limited support)

WS-MAN (limited support)

IPMI version 2.0

DCMI 1.0 (supported on all systems)

SMASH-CLI (comprehensive support)

WS-MAN (comprehensive support)

SNMP v3 (Gets)

Secure Web Interface Yes Yes (mobile device optimized)

Embedded Command Line Interface SMASH-CLI (limited support) SMASH-CLI (comprehensive support)

PowerShell

Sensor Coverage Limited Comprehensive

Alert Mechanisms SNMP Traps

SMTP (eMail)

CIM indications

SNMP Traps

SMTP (eMail)

CIM indications

Event Logs System Event Log (SEL) System Event Log (SEL)

Extended SEL log for additional related information from SEL

Audit log for administrative events

Power Control Yes Yes

Predictive Failure Analysis (PFA) support No Yes

Remote Presence (KVM) w/ TMM Premium w/ TSM Premium

Remote Media w/ TMM Premium w/ TSM Premium

Directory Integration (LDAP) Yes Yes

Active Directory Integration No Yes

Local User Accounts 16 9

Prevention Against Hammer Attacks Yes No


TMM vs. TSM


11

Lenovo ThinkServer System Manager

– Standard on all 5th generation servers

– Complete remote access to manage, monitor, troubleshoot and repair from anywhere for maximum uptime

– Provides secure alerts and status

Lenovo ThinkServer System Manager Premium

– Optional upgrade enabled by hardware key

– Installs on motherboard

– Enables remote control and virtual media

– Activates ThinkServer Energy Manager functionality

– Option P/N 4XF0G45867

Products tested and certified to work in conjunction with the TSM

– Microsoft PowerShell

– Lenovo Management plug-in for VMware vCenter

– Lenovo Management Pack for Microsoft System Center Operations Manager (SCOM)

– ThinkServer Energy Manager

– Activated on 5th generation servers with TSM Premium

– Available for upgrade to 5th and selected 4th generation ThinkServer systems, and third party servers with Node License Packs


What to Sell


13

Technical Systems Overview

―Lenovo ThinkServer System Manager Overview‖ (whitepaper)

―Using the PowerShell CLI‖ (whitepaper)

Solution Center TSM Demo

Lenovo Web Content

TSM Datasheet

End-user documentation

– ThinkServer System Manager User Guide

– ThinkServer System Manager Command Line Interface User Guide

– ThinkServer Deployment Manager User Guide


Resources to Help You


15

Management performed by autonomous embedded microprocessor referred to as Baseboard Management Controller (BMC)

The BMC manages the interface between system management software and platform hardware

A variety of controllers, sensors, connectors, and storage components are interconnected to monitor and control the server hardware

The BMC monitors the sensors and can send alerts via the network if any parameters do not stay within preset limits, indicating a potential failure of the system


Hardware Architecture

Notes:

1. Only Mezzanine-0 Port 0 can be used for Shared Mode

2. 10 Mb/s maximum TSM bandwidth on 1 GbE Mezzanine cards

3. 100 Mb/s maximum TSM bandwidth on 10 GbE Mezzanine cards

4. Intel Mezzanine cards can lose connectivity for up to 5 seconds on

power state changes (S5, S0)

16

Interface In-Band Out-of-Band

HTTP/HTTPS

Browser I/F N/A • external LAN connection

IPMI 2.0 KCS I/F on TSM

for OS IPMI driver

• RMCP+ or RMCP over external LAN

connection

DCMI 1.0 KCS I/F on TSM

for OS IPMI driver

• RMCP+ or RMCP over external LAN

connection

PowerShell CLI N/A • WS-Man over external LAN connection

WS-MAN N/A • SOAP/HTTP over external LAN

connection

SMASH-CLI N/A • SSH/Telnet over external LAN

connection

Serial Console

Redirection N/A

• IPMI Serial over LAN (SOL)

• SSH/Telnet over LAN

• external serial COM port (BIOS based)

SNMP Traps (IPMI) N/A • external LAN connection

SNMPv3 (GETs) N/A • external LAN connection


Management Interfaces / Protocol Support

Administrators and management software communicate

with the TSM over several physical interfaces using several

management protocols.

17

Interface In-Band Out-of-Band

LAN Serial Port

HTTP/HTTPS Browser I/F • N/A • external LAN connection • N/A

IPMI 2.0 • KCS I/F on TSM

for OS IPMI driver • RMCP+ or RMCP over external LAN connection • ―IPMI over Serial‖ over external Serial Port

DCMI 1.0 • KCS I/F on TSM

for OS IPMI driver • RMCP+ or RMCP over external LAN connection • ―IPMI over Serial‖ over external Serial Port

PowerShell CLI • N/A • WS-Man over external LAN connection • N/A

WS-MAN • N/A • SOAP/HTTP over external LAN connection • N/A

SMASH-CLI • N/A • SSH/Telnet over external LAN connection • SSH/Telnet over external Serial Port

Serial Console Redirection • N/A

• IPMI Serial over LAN (SOL)

• SSH/Telnet over external LAN connection (Issue

CMD from SMASH-CLI to initiate console redirection)

• Terminal redirection over external serial COM

port (TSM not involved. This is directly to

BIOS).

SNMP Traps (IPMI) • N/A • external LAN connection • N/A

SNMPv3 (GETs) • N/A • external LAN connection • N/A


Management Interfaces / Protocol Support (Detail)


19

Shared – uses common network port on Mezzanine-0 with two different MAC addresses – one for Mezzanine card and one for TSM

– Any Ethernet Mezzanine card is supported

– Mezzanine port-0 is used (not customizable)

– Simplifies switch configuration and minimizes network ports

– Virtual LANs supported to provide some separation between in-band network and TMM

– 10 Mb/s maximum TSM bandwidth on 1 GbE Mezzanine cards

– 100 Mb/s maximum TSM bandwidth on 10 GbE Mezzanine cards

– Intel Mezzanine cards can lose connectivity for up to 5 seconds on power state changes (S5, S0)

Dedicated – uses separate network port

– Provides complete physical separation between Mezz-0 and TSM

– 1 Gb/s maximum TSM bandwidth


TSM Supports Shared or Dedicated Network Connectivity

Dedicated Shared / OS Available

20 2014 LENOVO. All rights reserved.

Shared vs. Dedicated Management LAN

Production

Network Production Network

Management Network

Mgmt

Network

Production

Network

Shared Management Port:

• Shares management traffic with

production network

Dedicated Management Port:

• Isolates management traffic from

production network Production Network

Management Network


22

TSM provides an integrated web server exposing many of the manageability features of the ThinkServer

Provides overall system status at a glance

Allows configuration of the management subsystem in a mobile friendly GUI

From the web interface, users can:

– Configure the TSM network interface and protocol settings

– Administer user access and permissions

– Configure alerts

– View system health and status

– View the System Event Log

– Remotely control power to the server

– Initiate remote console and media sessions


TSM Web Interface


24

Remote Virtual Console is available with the optional TSM Premium upgrade key

Enables viewing the server console from a remote computer, using the remote computer‘s mouse and keyboard to interact with and control the server

Server keyboard, video, and mouse (KVM) redirected over the LAN – available remotely from the embedded web server with Java JNLP


Remote Virtual Console

The "Console Launcher" tab has a button to launch the Virtual

Console. In addition to the "Launch Console" button, the tab also

presents a screenshot of the server.

25

Maximum number of concurrent KVM viewer sessions is 3

Remote Video

– Resolutions up to 1920 x 1200 x 32bpp @ 60Hz

– Video bandwidth can be selected to reduce network loading

Remote Keyboard / Mouse

– Keyboard Macros

– International Keyboard support

– Absolute, Relative - Mouse Modes

– Single Cursor Mode Selection

Record video or screen captures from remote display

Server Power Control

– Reset, Immediate Shutdown, Orderly Shutdown, Power On, Power Cycle available via the Remote KVM applet window

KVM transmissions can be encrypted

Local Monitor can be turned on / off in the virtual console

Virtual Media can be managed from Virtual Console


Virtual Console Features

Remote console showing ThinkServer Deployment Manager

26

Auto Video Recording (Post Event) Pre-Event Video Recording (only for Crash /

Reset Event)

Time Limits

20 seconds video allowed if TSM Local

Storage(RAM)

Default-10sec, but can be configurable up to 60sec.

300 seconds recording allowed if Remote

Storage(NFS Path)

Video File Count 2 (After 2 files no more recording allowed)

1 if local storage / 3 if remote storage. (Once Max

file count reached, will delete old video file to store

new.)


Video Recording Limits


28

Remote Media is provided with Virtual Console – available with the optional TSM Premium upgrade key

Enables logically mounting a local computer disk drive on the server – available remotely from the embedded web server with Java JNLP

A mounted disk can be used to restart the server or to install software on the server

Devices that can be virtualized include: CD-ROMs (USB, SATA), DVD-ROMs (USB, SATA), USB mass storage devices, ISO images, disk raw data files (e.g. ghost, dd), IMG images (create from local folders)


Remote Media

29

Files used by Remote Media can be redirected from a NFS or CIFS network file share

The 'Remote Images Settings' dialog allows enabling or disabling remote images redirection and configuring the network location where the image files are available


Configuring remote images for use with Remote Media


31

What is IPMI

– A standardized message-based hardware-level interface specification for out-of-band management

Lenovo fully implements the IPMI 2.0 standard, and adds additional capability with published OEM commands

IPMI commands are supported over the following interfaces

– IPMI Over LAN

– Allows remote management of a server by sending industry standard IPMI command line commands to the TMM over the LAN

– IPMI In-band interface (KCS)

– Uses Operating System IPMI driver


IPMI Interfaces

IPMI over LAN IPMI over in-band

KCS I/F

32

Lenovo OEM Commands NetFn Command

Set LED Status Command 0x3A 0x01

Get Fan LED Status Command 0x3A 0x02

Get Active Thermal Profile Command 0x3A 0x03

Set Thermal Profile Command 0x3A 0x04

Manage Thermal Configuration File

Command

0x3A 0x05

Get DIMM CLTT Configuration Command 0x3A 0x06

Set DIMM CLTT Configuration Command 0x3A 0x07

Get Thermal Profile Name Command 0x3A 0x08

Get Thermal Profile List Command 0x3A 0x09

Get Inventory Data Command 0x3A 0x0a

Get Recovery Image Boot Info Command 0x3A 0x0b

Set Recovery Image Boot Info Command 0x3A 0x0c

Get Internal Sensor Reading Command 0x3A 0x0e

Get Platform ID Command 0x3A 0x0f

Get CPU and DIMM temperature 0x3A 0x11

Get Thermal Inventory Info Command 0x3A 0x12

Get iKVM Key status 0x3A 0x13

iKVM software Key Create 0x3A 0x14


IPMI Lenovo OEM Commands

Lenovo OEM Commands NetFn Command

Media Service Control 0x3A 0x15

Set Power logging Configuration 0x3a 0x17

Get Power log Info 0x3a 0x18

Get Power Log Data 0x3a 0x19

Set PSU Redundancy Mode 0x3a 0x1a

Get PSU Redundancy Mode 0x3a 0x1b

Set WEB Directory 0x3A 0x22

Set Fan Duty Cycle Command 0x3A 0x30

Get Fan Duty Cycle Command 0x3A 0x31

Set Fan Mode Command 0x3A 0x32

Get Fan Mode Command 0x3A 0x33

Initialize SD partitions 0x3A 0x34

Check SD partition status 0x3A 0x35

Remount Sd partitions 0x3A 0x36

Set GPIO Status 0x3A 0x37

Get GPIO Status 0x3A 0x38

Set Mezz Interface Control 0x3A 0x3a

Get Mezz Interface Control 0x3A 0x3b


34

DCMI is a industry specification that defines a simplified, reliable, interoperable management interface

Addresses the unique requirements of server platform management within Internet Portal Data Centers (IPDC) and other High Density Data Centers where large numbers (into the ten's of thousands) of servers are deployed

Based on IPMI 2.0 standard commands and extensions deliver the majority of capabilities required by high density data centers

– Platform identification

– Sensor status and logging

– Simplified power management

DCMI is used by ThinkServer Energy Manager to interface with TSM and power management functions (Intel Node Power Manager)


Data Center Manageability Interface (DCMI)


36

Windows PowerShell is a task-based command-line shell and scripting language that helps IT administrators automate server management

– Leverage common tools for script development and advanced automation tasks

– Abstracts complexities of the underlying APIs used to communicate with the TSM

The ThinkServer System Manager Command Line Interface (TSMCLI) is a PowerShell module

The CLI communicates with the BMC using HTTP or HTTPS

Provides direct access to management functions as an alternative to the web-based user interface and also as a way to script tasks for execution in multiple servers

Many features and functions available thru IPMI and the Web I/F are supported by the CLI


PowerShell CLI

Invoke-TMMCLI [-CommandName]

<COMMAND_NAME>

[COMMAND_PARAMETERS] [-CommandArgs]

@ {[COMMAND_ARGUMENTS]}

<COMMAND_NAME> is the TSMCLI command which will be

executed. Examples: "get-help", "get-users", "set-

nicsettings".

[COMMAND_PARAMETERS] are items that specify

additional information such as the name of the ThinkServer

to address, authentication method and credentials, etc.

[COMMAND_ARGUMENTS] specifies additional arguments

specific to each TSMCLI command.

37

Configure Date and Time / NTP Servers

User Management

SSL Certificates Management

Server Power Control

Configure / Recover TSM Configuration

Firmware Management and Update for supported devices

Configure / Manage Network Configuration

Configure Network Services

Configure Front Panel Operator Buttons

Monitor / Manage Sensors

Read FRU inventory

Manage Virtual Media

Manage Event Logs

Configure and Manage Event Notifications

PowerShell CLI Supported Operations Summary

2014 LENOVO. ALL RIGHTS RESERVED.

38

Date and Time:

– Get current time

– Set current time

– Configure NTP

User Management:

– Add user

– Modify user

– Delete user

– Configure user privileges

– Configure AD authentication

– Configure LDAP/LDAPS authentication

– Configure PAM order

– Configure WebUI session timeout

SSL Certificates:

– Get SSL certificate

– Upload SSL certificate

Server Power Control:

– Power up

– Power down immediately

– Power down gracefully (ACPI)

– Power cycle

– Reset

TSM Configuration:

– Back up configuration

– Restore configuration

– Reset to default configuration

Firmware Management for devices that support it, such as BMC, BIOS, TDM, Windows Drivers, Linux Drivers...):

– Get firmware version

– Update firmware

PowerShell CLI Supported Operations Detail

Network Configuration:

– IPv4 settings (manual and DHCP)

– IPv6 settings (manual and DHCP)

– DNS server

– Default gateway

– VLAN

– Configure IP Blacklist

– Configure Port Blacklist

Network Services:

– Configure HTTP port

– Configure HTTPS port

– Configure SSH port

– Configure KVM ports

– Configure Telnet ports


39

Panels and Buttons:

– Configure power button (enable/disable)

Sensors:

– Power supply voltage

– Power supply temperature

– Power supply consumption

– Power supply data reporting

– CPU

– Memory

– System temperature

– Inlet temperature

– Devices temperature (for the devices that have this information exposed through the BMC)

– Devices voltage (for the devices that have this information exposed through the BMC)

– Devices status (for the devices that have this information exposed through the BMC)

– Devices presence (for the devices that have this information exposed through the BMC)

Sensors (cont):

– Fan fault

– Fan speed

– I/O subsystems

– HBA

– Chassis intrusion

– Removal/insertion of all externally accessible and enabled storage

– BMC software health status

– BMC hardware health status

Read FRU inventory

Serial Ports:

– Configure Serial over LAN

Remote Media:

– Get remote media information

– Mount / unmount remote media (CD/DVD, USB, HD)

PowerShell CLI Supported Operations Detail (cont.)

Log Management:

– Read SEL

– Clear SEL

– Read audit log

– Configure audit log (Enable/Disable)

Notifications:

– List event filters

– Get event filter

– Create event filter

– Delete event filter

– Modify event filter

– Configure e-mail settings

– Configure SNMP settings



41

Systems Management Architecture for Server Hardware (SMASH) is a suite of specifications to facilitate the management of a data center, independent of vendor, topology, or operating system

– Defines a common architectural model (CIM), standard protocols, and profiles

The SMASH initiative includes two methods of interaction:

– Server Management Command Line Protocol (CLP)

–A command line syntax allowing an operator or a script to execute common system tasks over a text-based transport protocol

–SMASH CLP interface is accessed with a CLI to the TSM using Telnet or SSH over LAN

– WS-Management (WS-MAN)

–A Web services interface for system management

–WS-MAN is a programmatic interface used by management consoles over LAN


SMASH Interfaces

42

No Profile Required

1 Base Server Profile Y

2 Boot Control Profile Y

3 Service Processor Profile Y

4 CLP Service Profile Y

5 CPU Profile Y

6 Device Tray Profile

7 DHCP Client Profile Y

8 DNS Client Profile Y

9 Ethernet Port Profile Y

10 Fan Profile Y

11 IP Interface Profile Y

12 Modular System Profile

13 Pass-through Module Profile

14 Physical Asset Profile Y

15 Power State MGMT Profile Y

16 Power Supply Profile Y

17 Record Log Profile Y

18 Role Based Authorization Profile Y

No Profile Required

19 Sensors Profile Y

20 Shared Device MGMT Profile

21 Simple Identity MGMT Profile Y

22 SM CLP Admin Domain Profile Y

23 SMASH Collections Profile Y

24 Software Inventory Profile

25 Software Update Profile

26 SSH Service Profile Y

27 System Memory Profile Y

28 Telnet Service Profile

29 Text Console Redirection Profile Y

30 Watchdog Profile Y

31 KVM Redirection Profile Y

32 PCI Device Profile Y

33 OS Status Profile Y

34 Indicator LED Profile Y

35 Indications Profile Y

36 SMI-S Host Hardware Raid Controller

Profile Y


SMASH Profiles Supported

TSM supports all required and optional SMASH Profiles


44

Provides a mechanism to redirect a text serial console

Methods

– IPMI Serial over LAN (SOL) over server management LAN

– Telnet/SSH session over LAN – SMASH-CLI command to start console redirection

– Serial Console Redirection direct server serial port connection (TSM not involved)

Provides software, or user at remote console, means of remote text based KVM

– Serial text-based interfaces (e.g. BIOS setup, RAID configuration)

– Operating system command-line interfaces (e.g. DOS, Linux consoles)

– Serial text-based applications


Serial Console Redirection

IPMI Serial over LAN (SOL)

Telnet / SSH session

Serial Port Console Redirection

45

Configure the serial output so TSM can be remotely viewed over the LAN

1. Configure Serial Port settings in BIOS

a. Configure COM port settings (Baud, etc.)

b. Enable ―Console Redirection‖

2. Configure TSM IPMI SOL Settings – Match COM port settings.

3. Configure TSM accounts to allow access on LAN

4. Start IPMI SOL Session


Configuring IPMI SOL

46

Configure the serial output of the server so console can be remotely viewed over serial connection (TSM is not involved)

1. Use serial console application

2. Connect (null-modem) serial cable to ThinkServer serial port (COM1)

3. Configure console redirection in BIOS

a. Enable ―Console Redirection/SOL‖

b. Enable ―Redirection After BIOS POST‖

c. Configure COM port settings (Baud, etc.)

4. Configure terminal client COM port settings – match settings on server

5. Terminal app will display all text based output as shown on local server monitor


Configuring Serial Console Redirection


48

The TSM supports SNMP v3 using both IPv4 and IPv6

– IPMI SNMP traps (alerts)

– SNMP get IPMI command (Status information)

An SNMP Management Information Base file (MIB) is provided to enable integration into SNMP based management applications

– one for GETS

– one for TRAPS

One default SNMP Community is supported (community1)

SNMP is enabled for local user accounts in user management tab

– Supports SHA, MD5 authentication

– Supports DES, AES encryption


SNMP


50

Using a comprehensive network of sensors and watchdog timers, TSM monitors:

– System operational status including power state

– Environmental information including temperatures, voltages, fan speed readings, bus errors, etc.

– Manual or system driven recovery actions – local or remote system resets and power on/off operations

Logs record abnormal or ‗out-of-range‘ conditions, and important system events for later examination and alerting — without operating system intervention

System status sensor data is accessible via (Web, IPMI, SMASH-CLI, WS-Man, PowerShell CLI

Sensor definitions can be discovered using the IPMI Sensor Data Records (SDRs) and sensor device commands

System Status LED provides quick visual identification of error conditions


Monitoring System Status

51

The TSM can notify users or management applications when a system fault or important state change occurs

Events are categorized as:

– Critical – system failure

– Warning – possible pending issue

– Information – general status

Platform Event Filters (PEF) provide a mechanism to configure specific actions to be performed on certain events. Specific actions include:

– Power Actions – Do Nothing, Power Down, Power Reset, Power Cycle

– Trigger remote alert via Platform Events Trap (PET) or email

Remote notification can occur via the following methods:

– SNMP Traps via Ethernet only

– SNMP MIB provides specific information about the alert

– Email

– Address is configurable for each local user and each Alert LAN Destination can have one local user assigned

– Reports TSM host name, sensor name, sensor type, failure description

– CIM events sent to clients that have registered to receive indications


Error Reporting with Remote Alerts

52

Email address is configurable for each local user and each Alert LAN Destination can have one local user assigned

Reports

– TSM host name

– Sensor name

– Sensor type

– Severity

– Failure description

Similar information to that recorded in the SEL


Email Alert Contents

53

System Event Log (SEL)

– Records events related to the sensors available in the TSM

– SEL is accessible in web server and can be filtered and sorted

– Accommodates over 3000 unique entries – alert can be configured when log full or past a certain threshold

Extended SEL

– Provides correlated data to IPMI SEL events – additional information not saved in IPMI SEL

Audit Log

– Records events related to actions performed by the users including logging on, password changes, etc.

– Audit log can be disabled, so that no new events are registered to this log


Event Logs

54

LED Location Color Possible states and Indicated

Conditions

System Fault Front Panel Amber On – Fault

Off – System Status OK

Unit Identification* Front Panel

Motherboard Blue

On – Attention Off – No action

BMC heart beat Motherboard Green On – Fault Off – Fault

Blink – Health Status OK

FAN Motherboard Amber On – Fan Fault

Off – OK

PSU Fault Power Supply (rear panel) Amber On – PSU Fault

Off – OK


System Status LEDs

* Controlled by front panel ID button and IPMI command


56

Sensor Type Sensor Name

Temperature Ambient Temp

Exhaust Temp

CPU1 DTS

CPU2 DTS

Voltage

System 3.3V

System 5V

System 12V

AUX 1.2V

AUX 1.26V

AUX 1.5V

AUX 3.3V

PCH 1.05V

PCH 1.5V

CPU Core

CPU1 VR

CPU2 VR

DIMM AB 0.6v

DIMM AB VR

DIMM CD 0.6v

DIMM CD VR

DIMM EF 0.6v

DIMM EF VR

DIMM GH 0.6v

DIMM GH VR

Power

System Power

CPU Power

DIMM Power

PSU1 Power

PSU2 Power


Sensor Definitions (Supported with PEFs)

Sensor Type Sensor Name

Fans Speed Fan (1), Fan (2), … Fan (n)

Physical Security Chassis Intrusion

Processor CPU Fault

CPU Usage

Power Supply Status

PSU Overload

PSU Fault

PSU Redundancy Lost

System Power State Host Power (Power on / Power up)

Memory DIMM Fault

Drive Slots (General) HDD (Drive added, removed, offline, PFA)

System Firmware Progress BIOS

Event Logging Disabled SEL Full

Watchdog Timer Watchdog Trip

57

Sensors are organized into the following categories:

– Temperature

– Voltage

– Fan

– Power Supply

– Others

Click corresponding tab to view sensors in that category

– Sensors presented in a table with the current readings

– Green = OK

– Orange = Warning

– Red = Critical

– Grey = Additional sensor data not available (via link)


Viewing Sensors from the Web Interface

58

Clicking a sensor name opens another dialog with detailed sensor information

– Current reading

– Sensor Thresholds

– Chart representing events logged in the SEL for this sensor

Sensor thresholds

– Lower Non-Recoverable

– Lower Critical

– Lower Non-Critical

– Upper Non-Critical

– Upper Critical

– Upper Non-Recoverable


Web Interface – Detailed Sensor Information


60

PEF Management provides mechanism to configure specific actions to be performed on particular event messages

Actions include reboot, power cycle, power off, and trigger an alert (Platform Events Trap [PET] and/or e-mail)

To configure a PEF, specify:

1. Add a ―LAN Destination‖

2. Add an ―Alert Policy‖ using the previously created ―LAN Destination‖ and associate with a specific policy number

3. Add an ―Event Filter‖ using the same policy number previously used in the step above


Configuring Platform Event Filters (PEFs)

The Event Filter tab displays a table with event filters

currently in use. Filters can be managed from this tab.

61

Two types of LAN destinations – SNMP Trap or Email Alert

– SNMP Trap sends alert message to an IPv4 or IPv6 address

– Email alert provide static subject and message fields

Configuring LAN Destinations

– The LAN Destination tab displays all existing LAN destinations

– Alert Policies requires at least one LAN Destination, but can have many


Configuring PEFs – LAN Destinations

62

Alert Policies define

– When to send the alert defined by ―Policy Set‖

– Where to send the alert selected from pre-defined list of ―LAN Destinations‖

– Additional information to send in selectable ―Alert String‖

Configuring Alert Policies

– Alert policies have a ―Policy Number‖ that will be associated with the event filter

– Multiple alert policies with the same Policy Number can be triggered by the same event filter


Configuring PEFs – Alert Policies

The Alert Policy tab displays all existing Alert policies

63

Configuring an Event Filter – Specify:

– The severity of the event that will trigger the alert – ―Event Filter Configuration‖

–Monitor, Information, Normal, Non-Critical, Critical, Non-Recoverable, Unspecified

– Which sensor to monitor – ―Sensor Configuration‖

– What action to take when the event is triggered – ―Filter Action‖

–Which Alert Policy to associate with this filter – multiple policies can be selected

–What Power Action to take (Do Nothing, Power Down, Power Reset, Power Cycle)

– IPMI Generator ID, and Event Data Configuration exposed for detailed event creation


Configuring PEFs – Event Filters

64

Email notifications can be sent to users when:

– Status of the system changes or a critical error happens

– Local user in case of a forgotten password

Configure SMTP servers

– Sender address – email address to appear in ―from‖ field of email

– Machine name – TSM host name

– Primary and secondary destination SMTP server IPv4 address and port number (default is 25)

– SMTP server authentication if required


Configuring Email Alerts


66

Interface BIOS TSM RAID Controllers

UEFI Interface (BIOS Pre-boot) Yes Yes Yes

TSM Web Interface No Yes No

PowerShell CLI No Yes No

IPMI No Yes No

CIM Interfaces (SMASH CLI, WS-Man) No No No

SNMP No No No


ThinkServer Configuration

67

Configuration Item Web PowerShell IPMI WS-Man SMASH-CLI

Server Power Button Yes Yes Yes Yes Yes

Local User accounts and privileges Yes Yes Yes Yes Only Account settings

allowed not Privilege.

Active Directory / LDAP configuration and accounts Yes No Yes No No

Network settings for each interface Yes Yes Yes Yes No

Virtual console and virtual media enablement and

configuration Yes Virtual media only Yes

Service Enablement allowed, but not

other configurations or media redirection

Only Service

Enablement allowed

Notification settings – SNMP traps, SMTP

Configurations Yes Yes Yes Yes No

NTP client configuration Yes No Yes No (Date and time can be set) No (Date and time can

be set)

Security certificates management Yes No Yes No No

Services Management Yes Only Enable /

Disabled allowed Yes Only Enable/Disabled allowed

Only Enable/Disabled

allowed

Session timeouts Yes No Yes No No

Firewall Yes No Yes No No

Platform Event Filters Yes Yes Yes Yes No

IPMI Serial Over LAN (SOL) Yes No Yes No Yes

Thermal and power capping profiles Via DCMI No Yes No No


TSM Configuration Support

68

Backup and Restore

– All TSM settings can be preserved to a local file

– Settings can be restored by importing a previously saved configuration file

– Restore operations require the TSM to be rebooted (but not the server)

All TSM settings are saved if firmware upgrade is performed

A TSM factory reset resets all settings to default values


TSM Configuration Backup and Restore


70

TSM network port selectable

– Shared with OS / multiple MAC addresses

– Dedicated

Addressing

– IPv4 or IPv6 supported (IPV6 can be disabled)

– IP address obtained from DHCP server or assigned statically

Supports VLAN

– VLAN ID (2-4094)

– Priority (1-7)


Network Configuration

71

DNS enables a DNS server to translate host names into IP addresses

TSM Host Name supports manual or automatic configuration (assigned MAC address)

Multicast DNS (mDNS) support

– provides a zero configuration host name resolution service

DDNS support methods for host name registration

– Nsupdate (Direct Dynamic DNS)

– Supports TSIG authentication if required – a TSIG private file will be needed

– DHCP Client FQDN to register through DHCP server

– Hostname

– None


DNS Settings

72

Configures network link speed and duplex mode

'Auto Negotiation' enables link speed and duplex mode to be set automatically to achieve the best possible performance

Link can only be configured when TSM NIC is in Dedicated mode


Link Speed

73

Service Default Non-Secure

Port Default Secure Port Max Sessions Port Configurable?

Session Timeout

Configurable?

Web (HTTP / HTTPS) 80 443 20 Yes Yes (5 – 30 min)

Telnet 23 N/A N/A Yes Yes (1 – 30 min)

SSH N/A 22 N/A Yes Yes (1 – 30 min)

SNMP Agent 161 N/A N/A Yes No

SNMP Traps 162 N/A N/A No No

Remote KVM 7578 7582 4 No Yes (5 – 30 min)

Remote Media (HDD) 5123 5127 3 No No

Remote Media (CD/DVD) 5120 5124 1 No No

Network Time Protocol 123 N/A N/A No No

SLP 427 N/A N/A No No

SMTP (email alerts) 25 N/A N/A Yes No

DHCP Client 68 N/A N/A No No

DNS Client 53 N/A N/A No No

LDAP / LDAPS 389 636 N/A Yes No

Active Directory 389 636 N/A Yes No

WS-Man 5988 5989 N/A No No

SMASH-CLI N/A N/A 3 No Yes (1 – 30 min)


Service Management


75

User authentication through LDAP / Active Directory, or 9 local hardware-stored user accounts and passwords

Role-based authorization

– Enables administrators to configure specific privileges for each user

– Public Key Authentication: Allows for the use of a private key to authenticate over SSH instead of the typical user name/password authentication

Interface Security

– Session time-out: Provides automatic session time-out for inactivity (Web, Telnet, SSH, KVM)

– Firewall configurable to block network traffic based on IP address or network port

Configurable Network Service ports

– Allows customization of ports used by TSM services

Security settings configurable through the Web interface, PowerShell CLI, and IPMI

Encryption secured with 256-bit Secure Sockets Layer (SSL)

– Secure Web-server (HTTPS)

– Secure LDAP (LDAPS)

– Supports Virtual Console and Virtual Media encryption

The TSM supports terminal connections to clients using SSH version 2.0

– SSH uses user ID and password pairs stored in local user accounts or AD/LDAP server

– Supports the following encryption algorithms:

– 3DES, Blowfish, RC4, AES

VLAN support

– Enables management traffic to be located in a private ―management VLAN‖ in both dedicated and shared network modes

– VLAN groups can be used to limit network access to devices subscribed to the VLAN group


TSM Security Features

76

Used to define rules to prevent network traffic to or from specific IP addresses and ports

– Block specific IP address or range of IP addresses

– Block all TCP or UDP communication through specific port or range of port numbers


Firewall

77

SSL and SSH require a valid certificates and corresponding private encryption keys.

The following methods for generating or importing the private key and required certificate are supported

– Generate and install a self-signed X.509 certificate

– Import a signed DER encoded X.509 certificate

Certificates are saved across firmware updates when flashing to a newer code level

– Information not guaranteed to be saved if flashing to an older code level


Certificates


79

TSM supports three methods of authentication

– Local authentication – user account and privileges info stored in TSM non-volatile storage

– Active Directory – user authenticated via remote A.D. server

– LDAP – user authenticated via remote LDAP server

Multiple methods can be used – order of authentication can be specified. By default, the TMM tries to authenticate user credentials in the following order:

– Locally

– LDAP (if enabled)

– Active Directory (if enabled)

Authentication is required on all interfaces except for SNMPv1 and in-band KCS interface

Forgotten passwords mechanism is available for local users that have a valid email address registered in TSM


TSM Authentication

Up to 5 Active Directory and LDAP groups supported

No modifications to the directory schema

LDAPS supported (TLS, SSL) – Certificate management in LDAP settings

80

Feature Administrator Operator User

Dashboard Can view, configure, control all settings Can view all information Can view System Summary, Latest Event Logs, Sensors, Launch Console (if privilege granted)

Backup and Restore Can perform Factory Reset Can perform Firewall Can view and configure Can view settings Firmware Update Can perform FRU Inventory Can view Can view Can view Logging - Event Log Can view and clear log Can view log Can view log Logging - SEL Record Details Can view Can view log Can view log Logging - Audit Log Can view log. Can enable/disable log Can view log Can view log Networking – NIC, DNS, Link Can view and configure Can view NTP Settings Can view and configure Can view PEF Management Can view and configure Can view Power Management - Power Status Can perform Can view Can view Power Management - Power Button Can perform Sensor Monitoring Can view sensors and sensor detail Can view sensors Can view sensors Serial Over LAN Can view and configure Can view

Services Management Can view and configure services and manage active sessions

Can view services Can view services

SMTP Settings Can view and configure Can view SSL Certificate Settings Can view and configure Can view Can view Users - Local Users, Active Directory, LDAP Can view and configure Can view Users - Authentication Order Can view and configure Can view

Virtual Console - Console Launcher View console screenshot and launch console if privilege granted.

View console screenshot and launch console if privilege granted.

View console screenshot and launch console if privilege granted.

Virtual Console - Settings Can view and configure Can view Can view Virtual Console - Remote Images Can view and configure Can view Can view


Privilege Levels

81

User Interface Local Accounts LDAP Active Directory

Web Interface Yes Yes Yes

WS-MAN Yes Yes Yes

SMASH-CLI Yes Yes Yes

IPMI Yes No No

IPMI SOL Yes No No

SNMPv3 Yes No No


Access Credentials Supported by Authentication Method

82

User

ID User Name

Default

Password Default Status User Role KVM Virtual Media SNMP (Gets)

anonymous Enabled (Hidden) Administrator Enabled Enabled Disabled

1 lenovo len0vO Enabled Administrator Enabled Enabled Disabled


Default User Profiles

83

Configure local user account access via SNMP

– Select authentication mode and method of encryption

Can use SSH certificate for logging in without a password


Additional Local User Account Controls


85

The TSM provides a detailed record of components currently installed in the system

FRU data available from Web I/F, IPMI, PowerShell CLI, WS-Man, SMASH-CLI

FRU data is refreshed at every reboot or TSM reset

FRUs tracked include:

– AnyRAID adapters

– HDD / SSD Drives

– Riser Card

– PSUs

– AnyFabric Mezzanine cards

– Mid Plane cards

– Back Plane cards

– DIMMs

– CPUs

The FRU Inventory dialog lists all the existing FRUs and provides detailed information about them, such as:

– Chassis: type, serial number, part number, and others.

– Board: manufacturer, product name, serial number, part number, and others.

– Product: manufacturer, part number, version, and others.

Use the dropdown list at the top of the page to select a specific FRU and obtain product details


FRU Monitoring and Component Tracking


87

Supports update for TSM, BIOS, ThinkServer Deployment Manager, AnyRAID Mid-plane cards, Mezzanine Card, PSU‘s

Firmware update packages can be uploaded from local computer, or networked location (CIFS, NFS, and TFTP shares supported)

– Packages can be signed

After update bundles transferred to TSM, only applicable updates will be enabled

Automatic Rollback of BIOS and TSM firmware to last known good recovery image if firmware image is corrupted

– An IPMI OEM command is available to force boot from the recovery image instead of the primary image

– Version downgrade is not supported

Methods of update

– Web

– PowerShell CLI

– Flash Utilities (OS application)


Firmware Update Support

Firmware Update via Web Interface

88

Partition 1

– Backup of BMC image. BMC uses data in this partition to recover from corrupted primary image.

Partition 2

– Used primarily for host access. Stores images for local media. Host accesses these images as virtual disks and devices.

– TDM image – TDM can recover or upgrade from this image.

– Windows driver image / Linux driver image – Required drivers OS installation can be found here without network.

– Diagnostic image – Diagnostics

– Temporary image – Used in the process of maintaining the images. If a sudden power loss happens while updating images, temporary image is used for recovery in next power on.

Partition 3

– This partition is mainly accessed as BMC external storage.

– Extended SEL Log

– Debug Logs – Stores debug information including IPMI request and response logging. This logging can be switched dynamically via OEM IPMI command.

– Configurations that need to be preserved even during reset to defaults.

– Backup images of BIOS, TDM, and CPLD. These devices can be recovered using these images.

Partition 4

– Reserved for future use


Firmware Recovery – Layout of EMMC

TDM

TDM


90

Power Management Controls allows monitoring and manipulating the power status of ThinkServer

– Power On – Power on the server immediately

– Power Off Gracefully – The TSM attempts to shut down the operating system and then turns off the server

– Power Off Immediately – Turns the server off without shutting down the operating system

– Reset – The TSM restarts the server by rebooting the system without powering off

– Power Cycle – The TSM restarts the server by powering down the server without shutting down the operating system, and then reboots the system

Power Management Server Power Button enables / disables the front panel power switch on the server


Power / Reset Control

91

TSM Premium enables ThinkServer Energy Manager support

Licenses features of integrated Intel Node Manager 3.0 accessible through standard DCMI interface

– Monitors and reports system level power, temperature, and utilization metrics

– Enforces cap power policies by adjusting processor frequency scaling and dynamic voltage adjustment

Data from various sensors captured to compute the system level power consumed.

Power capping policies sent from Energy Manager are dynamically accepted and enforced by Node Manager closed-loop controls.


Documents

2014 LENOVO. All rights reserved.media.lenovo.ru/Files/_Products/SERVERS_and... · Supported Systems 3rd thand 4th generation ThinkServer Except TS130, TS140, RS140 5 generation ThinkServer